Are Group Managed Service Accounts supported by BizTalk? RRS feed

  • Question

  • Hi all,

    I saw that there is already a discussion about the Managed Service Accounts support in BizTalk ( with a clear response to NO.

    But Windows 2012 R2 introduced the "Group Managed Service Accounts" which seems to be a better way to workaround the MSA limitations.

    Are the gMSA supported in BizTalk?


    Thursday, September 11, 2014 11:46 AM


  • While the documentation mentions that gMSA are managed by the Domain Controller and is introduced in Windows Server 2012. I interpret this to imply that this functionality would be AVAILABLE ONLY if you're running your DOMAIN CONTROLLERS on a Windows Server 2012 or higher DOMAIN.

    If you just setup BizTalk on a Windows Server 2012 machine but in a domain which is running on Windows Server 2003 or 2008 compatibility mode because of other things such as Exchange, etc. then you WOULD NOT be able to leverage the gMSA functionality.

    If on the other hand, your domain controllers are running Windows Server 2012 and Domain Level is Windows Server 2012 then you should be able to leverage gMSA accounts for BizTalk/SQL/IIS Service accounts.


    NOTE: The effect of a gMSA account on the Enterprise SSO service which has a serious dependency on the service account password and encryption however would still need to be evaluated.
    • Edited by Shankycheil Thursday, September 11, 2014 12:19 PM SSO
    • Marked as answer by Pengzhen Song Wednesday, September 17, 2014 7:50 AM
    Thursday, September 11, 2014 12:17 PM